There are some problems in the code. First, I recommend using parameterized queries to avoid SQL Injection attacks, and also parameter types are detected by the framework:
    var cmd = new SqlCommand("SELECT EmpName FROM Employee WHERE EmpID = @id", con);
    cmd.Parameters.AddWithValue("@id", id.Text);
Secondly, since you are only interested in one value returned from the query, it is better to use ExecuteScalar (see MSDN):
    var name = cmd.ExecuteScalar();
    if (name != null)
    {
        position = name.ToString();
        Response.Write("User Registration successful");
    }
    else
    {
        Console.WriteLine("No Employee found.");
    }
The last thing is to wrap SqlConnection and SqlCommand in using so that any resources used by these are released:
    using System.Data.SqlClient;

    // ...

    string position;
    using (SqlConnection con = new SqlConnection("server=free-pc\\FATMAH; Integrated Security=True; database=Workflow; "))
    {
        con.Open();
        using (var cmd = new SqlCommand("SELECT EmpName FROM Employee WHERE EmpID = @id", con))
        {
            // the value travels as a parameter, never as part of the SQL text
            cmd.Parameters.AddWithValue("@id", id.Text);

            // first column of the first row, or null when no row matched
            var name = cmd.ExecuteScalar();
            if (name != null)
            {
                position = name.ToString();
                Response.Write("User Registration successful");
            }
            else
            {
                Console.WriteLine("No Employee found.");
            }
        } // cmd disposed here
    } // con closed and disposed here, even if an exception was thrown
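Added example, not code from the answer above or from the question it replies to: the same three points (parameterized query, single-value fetch, deterministic cleanup) shown with Python's sqlite3 module so that it runs offline against an in-memory table, since the SqlClient code needs a SQL Server instance. The Employee rows are constructed sample data and the function names are my own. The block also shows the injection that string concatenation allows, and one case the `if (name != null)` check does not separate: a matching row whose EmpName is NULL, which ExecuteScalar returns as DBNull.Value (so ToString() yields "") rather than as null.

```python
"""Parameterized lookup vs. string concatenation, with sqlite3 as an
offline stand-in for ADO.NET/SqlClient (added example, not the page's code)."""
import sqlite3
from contextlib import closing
from typing import List, Optional, Tuple


def make_demo_db() -> sqlite3.Connection:
    """In-memory stand-in for the Workflow database (constructed sample rows).
    EmpID 3 deliberately has a NULL EmpName."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE Employee (EmpID INTEGER PRIMARY KEY, EmpName TEXT)")
    con.executemany(
        "INSERT INTO Employee (EmpID, EmpName) VALUES (?, ?)",
        [(1, "Alice"), (2, "Bob"), (3, None)],
    )
    con.commit()
    return con


def lookup_concatenated(con: sqlite3.Connection, id_text: str) -> List[Optional[str]]:
    """The pattern the answer warns against: the text box value is pasted into
    the SQL, so the input can rewrite the WHERE clause.  Returns every EmpName
    the (possibly widened) query produced."""
    sql = "SELECT EmpName FROM Employee WHERE EmpID = " + id_text
    return [row[0] for row in con.execute(sql)]


def lookup_parameterized(con: sqlite3.Connection, id_text: str) -> Tuple[bool, Optional[str]]:
    """Equivalent of cmd.Parameters.AddWithValue("@id", id.Text) + ExecuteScalar.

    The driver ships the value separately from the statement text, so the
    input is only ever compared against EmpID; it cannot change the query.
    Returns (row_found, emp_name) so that "no row" and "row with NULL name"
    stay distinguishable, unlike a bare null check on ExecuteScalar's result.
    """
    cur = con.execute("SELECT EmpName FROM Employee WHERE EmpID = ?", (id_text,))
    row = cur.fetchone()  # first row or None, like ExecuteScalar's null
    if row is None:
        return (False, None)
    return (True, row[0])  # row[0] is None when EmpName is NULL (C#: DBNull.Value)


def run_demo() -> dict:
    """Runs both lookups with a normal id and with a classic injection payload.
    contextlib.closing plays the role of C#'s using: the connection is closed
    when the block exits, whether or not an exception was raised."""
    with closing(make_demo_db()) as con:
        payload = "1 OR 1=1"  # constructed attacker input
        return {
            "concat_normal": lookup_concatenated(con, "1"),
            "concat_injected": lookup_concatenated(con, payload),
            "param_normal": lookup_parameterized(con, "1"),
            "param_injected": lookup_parameterized(con, payload),
            "param_null_name": lookup_parameterized(con, "3"),
            "param_missing": lookup_parameterized(con, "99"),
        }


if __name__ == "__main__":
    for label, result in run_demo().items():
        print(f"{label:16} -> {result!r}")
```

With the concatenated query the payload returns every employee; with the parameter it matches nothing, because `1 OR 1=1` is compared to EmpID as a single value. Validating the text as an integer before binding it (the C# equivalent is `Parameters.Add("@id", SqlDbType.Int)` with a parsed value) is a further hardening step, but parameterization alone is what removes the injection.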